13 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-5398
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a...
Oracle Siebel Server <= 21.1 (April 2021 CPU)
The versions of Oracle Siebel CRM installed on the remote host are affected by a vulnerability as referenced in the April 2021 CPU advisory. - Vulnerability in the Siebel Engineering - Installer and Deployment product of Oracle Siebel CRM component: Siebel Approval Manager Spring Framework...
Vmware Spring Framework Remote Code Execution (CVE-2020-5398)
A remote code execution vulnerability exists in VMware Spring Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Update application links to 5.4.23 to fix CVE-2020-5398
Affected versions of Atlassian FishEye and Crucible allow remote attackers to view sensitive information via an Information Disclosure vulnerability in a vulnerable version of the Application Links component. The affected versions are before version 4.8.6. Affected versions: version 4.8.6 Fixed...
Update Atlassian Platform to 3.5.19 to fix CVE-2018-1000613, CVE-2019-17571 and other vulnerabilities
Update Atlassian Platform from 3.5.17 to 3.5.19. The new platform version brings changes in the following libraries: update com.atlassian.applinks: from 5.4.21 to 5.4.23 update com.atlassian.plugins: from 4.4.10 to 4.4.14 update com.atlassian.sal: from 3.1.2 to 3.1.3 update com.atlassian.streams:...
Important: Red Hat Security Advisory: Red Hat Fuse 7.8.0 release and security update
A minor version update from 7.7 to 7.8 is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring...
Spring Framework Vulnerability - CVE-2020-5398
h3. Issue Summary Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan. h3. Description Plugin: Spring Framework 5.0.x 5.0.16 / 5.1.x 5.1.13 / 5.2.x 5.2.3 Spring...
Spring Framework Vulnerability - CVE-2020-5398
h3. Issue Summary Security vulnerability scan gave a red flag for Spring Framework plugin version that is used in Bitbucket Server version 6.10.0. The CVE-2020-5398 is being noted from the report scan. h3. Description Plugin: Spring Framework 5.0.x 5.0.16 / 5.1.x 5.1.13 / 5.2.x 5.2.3 Spring...
CVE-2020-5398
A flaw was found in springframework in versions prior to 5.0.16, 5.1.13, and 5.2.3. A reflected file download RFD attack is possible when a "Content-Disposition" header is set in response to where the filename attribute is derived from user supplied input. The highest threat from this vulnerabili...
ai.hyacinth.framework:core-service-admin-server (>=0.5.8 <=0.5.21), ai.hyacinth.framework:core-service-gateway-server (>=0.5.8 <=0.5.21) +38 more potentially affected by CVE-2020-5398 via org.springframework:spring-webflux (>=5.1.0.RELEASE <=5.1.12.RELEASE)
org.springframework:spring-webflux MAVEN version =5.1.0.RELEASE, =0.5.8, =0.5.8, =0.5.8, =0.5.0, =1.1.1.RELEASE, =1.0.6.RELEASE, =1.0.0, =1.3.5, =1.0.4.RELEASE, =1.7.0, =1.1.1-Greenwich, =1.1.1-Greenwich, =1.1.2-Greenwich and more Source cves: CVE-2020-5398 Source advisory: OSV:GHSA-8WX2-9Q48-VM9...
ai.ylyue:yue-library-base (>=Finchley.SR2.SR1 <=Finchley.SR4.1), ai.ylyue:yue-library-base-crypto (>=Finchley.SR4 <=Finchley.SR4.1) +754 more potentially affected by CVE-2020-5398 via org.springframework:spring-webmvc (>=5.0.0.RELEASE <=5.0.15.RELEASE)
org.springframework:spring-webmvc MAVEN version =5.0.0.RELEASE, =Finchley.SR2.SR1, =Finchley.SR4, =Finchley.SR2.SR1, =Finchley.SR2.SR1, =Finchley.SR4, =2.0.3.RELEASE, =2.0.2.RELEASE, =1.0.3.RELEASE, =3.1.0, =3.1.0, =2.0.7, =2.0.11 - ch.rasc:wamp2spring =1.0.0 - ch.rasc:wamp2spring-security =1.0.0...
Exploit for Cross-site Scripting in Vmware Spring_Framework
CVE-2020-5398 - RFDReflected File Download Attack for Spring...
CVE-2020-5398
CVE-2020-5398 (Spring Framework) affects Spring Framework versions: 5.0.x before 5.0.16, 5.1.x before 5.1.13, and 5.2.x before 5.2.3. The vulnerability is a reflected file download (RFD) attack triggered when an application sets a Content-Disposition header whose filename is derived from user inp...